Summer is here, and things are heating up in the cybersecurity sphere. June saw a third-party vulnerability spiral into the furthest-reaching cyber attack of the year thus far, while separate attacks cut into summer plans for gamers, vacationers, and commuters alike.

On the 6th of July 2023, a joint advisory was published by CISA, the FBI, and CCCS (Canadian Center for Cyber Security) warning of a malware campaign actively exploiting a Remote Code Execution (RCE) vulnerability in Netwrix Auditor (CVE-2022-31199) for initial access.

On July 5th, 2023, Progress Software released a security advisory for a new critical SQL injection vulnerability, CVE-2023-36934, among two other high severity vulnerabilities impacting the MOVEit Transfer web application. These vulnerabilities were responsibly disclosed to Progress Software by researchers at HackerOne and Trend Micro’s Zero Day Initiative.

Last month, we saw top government officials meet with leading tech executives, including the Alphabet and Microsoft CEOs, to discuss advancements in AI and Washington’s involvement.

On June 27th 2023, Arcserve published an advisory for a critical unauthenticated remote code execution (RCE) vulnerability affecting Arcserve Unified Data Protection (UDP) for Windows. Arcserve UDP is a centralized backup and disaster recovery solution. By exploiting this RCE vulnerability, threat actors may be able to gain unauthorized access to sensitive data, install malware, or launch other types of attacks from infected devices.

The Chief Information Security Officer (CISO) is a relatively recent addition to the ranks of organizational leadership. It is a key role for businesses and organizations that possess the necessary resources and recognize the need for a robust security program. When leveraged properly, the CISO assumes a leadership position that is integral to an organization’s C-suite.

Say you’re a medium-sized financial organization. Your clients trust you to not only provide excellent financial services, but to keep their money, financial data, and personal data safe. Unfortunately, the amount of money you store and move attracts a wide array of cybercriminals. Staying safe can become complicated, but no bank, trust, or credit union wants to gain headlines and lose customers over a breach. That’s where SOC2 (System and Organization Controls), can make a major difference.

As the Chief Information Security Officer (CISO) at Arctic Wolf, I have a deep bench of security experts I can leverage to provide the organization with robust risk management, threat detection, security awareness training, and incident response. That’s an advantage that small businesses often don’t have.

The cyber insurance market has matured rapidly over the past two years in the face of ever-evolving risk. Factors such as increased ransomware activity, ballooned claims frequency and loss severity, coupled with soaring market demand have brought us to what is referred to as the “second wave” of cyber insurance — a revolution in the way businesses are evaluated, underwritten and protected.

Arctic Wolf’s The State of Cybersecurity: 2023 Trends report revealed a painful, yet unsurprising statistic: 68% of organizations identified staffing-related issues as their number one threat to achieving their security objectives. Breaking that down further, 32% of organizations are having difficulty with hiring and retaining staff. The remaining 36% feel their existing security team lacks the necessary expertise.